Quick response codes are becoming part of campus life as
more students arrive with a mobile device in their pockets. QR codes are fun for
students and easy to use for college stores trying to find ways to get information
out on products or special events.
The problem is the codes can also be a glaring security
weakness.
“A single poisoned link is all it takes to expose an
entire organization to a full-scale attack,” said David Maman, chief technology
officer and founder of GreenSQL,
in an article in Campus Technology.
Users are unable to turn off the browser in a mobile
device, making it exposed to malware even when it’s not in use, according to
Maman. In addition, malware known as a rootkit circumvents the built-in defenses of the mobile operating system.
“[Responding to a QR code] is akin to responding to
electronic solicitations and would have the same risks as responding to an unknown
advertising source,” said Scott Gordon, vice president, worldwide marketing,
for ForeScout Technologies.
“There is a potential to go to a site or invoke a request for an application
that appears to be reputable but is not.”
Gordon recommends educating users about the risks,
particularly as they apply to mobile devices, and encouraging campus users to
report possible threats. He also suggests requiring the use of antivirus
software across the campus, instituting network controls to monitor all access,
and installing management software to provide data-level protection for faculty
devices, along with creating a policy of do’s and don’ts for students to follow
with their personal devices.
